US 7860911 B2
Abstract
A multiply unit includes an extended precision accumulator. Microprocessor instructions are provided for manipulating portions of the extended precision accumulator including an instruction to move the contents of a portion of the extended accumulator to a general-purpose register (“MFLHXU”) and an instruction to move the contents of a general-purpose register to a portion of the extended accumulator (“MTLHX”).
Claims (18)
1. A microprocessor, comprising:
an instruction execution unit; and
a multiply unit, coupled to the execution unit, that includes a low-order register, a high-order register, and an extended register,
wherein execution of a first instruction by the execution unit causes data stored in the extended register to be zero-extended and moved from the extended register to the high-order register, and
wherein execution of a second instruction by the execution unit causes a subset of data stored in the high-order register to be moved from the high-order register to the extended register.
2. The microprocessor of
3. The microprocessor of
4. The microprocessor of
5. The microprocessor of
6. The microprocessor of
7. The microprocessor of
8. A multiply unit for a microprocessor, comprising:
an arithmetic multiplier;
a polynomial multiplier; and
an extended-precision accumulation register coupled to the arithmetic multiplier and the polynomial multiplier, wherein the extended-precision accumulation register includes a low-order register, a high-order register, and an extended register,
wherein execution of a first instruction by an execution unit of the microprocessor causes data stored in the extended register to be zero-extended and moved from the extended register to the high-order register, and
wherein execution of a second instruction by the execution unit of the microprocessor causes a subset of data stored in the high-order register to be moved from the high-order register to the extended register.
9. The multiply unit of
10. The multiply unit of
11. The multiply unit of
12. The multiply unit of
13. A tangible computer-readable storage medium comprising a microprocessor core embodied in software, the microprocessor core comprising:
an instruction execution unit; and
a multiply unit, coupled to the execution unit, that includes a low-order register, a high-order register, and an extended register,
wherein execution of a first instruction by the execution unit causes data stored in the extended register to be zero-extended and moved from the extended register to the high-order register, and
wherein execution of a second instruction by the execution unit causes a subset of data stored in the high-order register to be moved from the high-order register to the extended register.
14. The tangible computer-readable storage medium of
15. The tangible computer-readable storage medium of
16. The tangible computer-readable storage medium of
17. The tangible computer-readable storage medium of
18. The tangible computer-readable storage medium of
Description
This application is a continuation of U.S. patent application Ser. No. 09/788,685, filed Feb. 21, 2001, now U.S. Pat. No. 7,181,484, issued Feb. 20, 2007, which is incorporated herein by reference in its entirety; and this application is related to the following commonly owned patent applications: (1) U.S. patent application Ser. No. 09/788,683, filed Feb. 21, 2001, now U.S. Pat. No. 7,237,097, issued Jun. 26, 2007; (2) U.S. patent application Ser. No. 09/788,670, filed Feb. 21, 2001, now U.S. Pat. No. 7,599,981, issued Oct. 6, 2009; (3) U.S. patent application Ser. No. 09/788,684, filed Feb. 21, 2001, now U.S. Pat. No. 7,711,763, issued May 4, 2010; and (4) U.S. patent application No. 09/788,682, filed Feb. 21, 2001, now U.S. Pat. No. 7,162,621, issued Jan. 9, 2007, each of which is incorporated herein by reference. U.S. patent application Ser. No. 10/195,522, filed Jul. 16, 2002, now U.S. Pat. No. 7,225,212, issued May 29, 2007, is a divisional of U.S. patent application Ser. No. 09/788,685, filed Feb. 21, 2001, now U.S. Pat. No. 7,181,484, issued Feb. 20, 2007.
This invention relates to a microprocessor multiplier, and more particularly to a microcomputer multiplier with an extended precision accumulator.
Reduced instruction set computer (RISC) architectures were developed as industry trends tended towards larger, more complex instruction sets. By simplifying instruction set designs, RISC architectures make it easier to use techniques such as pipelining and caching, thus increasing system performance.
RISC architectures usually have fixed-length instructions (e.g., 16-bit, 32-bit, or 64-bit), with few variations in instruction format. Each instruction in an instruction set architecture (ISA) may have the source registers always in the same location. For example, a 32-bit ISA may always have source registers specified by bits 16-20 and 21-25. This allows the specified registers to be fetched for every instruction without requiring any complex instruction decoding.
Cryptographic systems (“cryptosystems”) are increasingly used to secure transactions, to encrypt communications, to authenticate users, and to protect information. Many private-key cryptosystems, such as the Digital Encryption Standard (DES), are relatively simple computationally and frequently reducible to hardware solutions performing sequences of XORs, rotations, and permutations on blocks of data. Public-key cryptosystems, on the other hand, may be mathematically more subtle and computationally more difficult than private-key systems.
While different public-key cryptography schemes have different bases in mathematics, they tend to have a common need for integer computation across very large ranges of values, on the order of 1024 bits. This extended precision arithmetic is often modular (i.e., operations are performed modulo a value range), and in some cases polynomial instead of twos-complement. For example, RSA public-key cryptosystems use extended-precision modular exponentiation to encrypt and decrypt information and elliptic curve cryptosystems use extended-precision modular polynomial multiplication.
Public-key cryptosystems have been used extensively for user authentication and secure key exchange, while private-key cryptography has been used extensively to encrypt communication channels. As the use of public-key cryptosystems increases, it becomes desirable to increase the performance of extended-precision modular arithmetic calculations.
In one general aspect, a multiply unit is provided for use in a microprocessor having at least one general-purpose register for storing a predetermined number of bits. The multiply unit includes a multiplier and an extended-precision accumulator including more bits than each of the general-purpose registers.
Implementations include using the multiplier to provide a multiply-add operation whereby operands to the multiply unit are multiplied and added to the contents of the extended-precision accumulator. The multiplier may include an arithmetic multiplier and a polynomial multiplier. In a polynomial multiplier implementation, a multiply-add operation multiplies two operands and adds the result to the contents of the extended-precision accumulator using an exclusive-or operation.
In some implementations, the multiplier includes result logic for selecting which values to load into the extended-precision accumulator. For example, the result logic may be implemented as a multiplexer.
In some implementations, the extended-precision accumulator includes an extended register, a high-order register, and a low-order register. For example, the extended register may store 8-bit values and the other two registers may store 32-bit values.
Instructions are provided for manipulating the contents of the extended-precision accumulator. One instruction moves a value from the extended-precision accumulator into a general-purpose register and an inverse instruction moves a value from a general-purpose register into the extended-precision accumulator. The instructions additionally may shift the contents of the extended-precision register.
The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings, and from the claims.
Many public-key cryptosystems use extended-precision modular arithmetic to encrypt and decrypt data. For example, many elliptic curve (EC) cryptosystems extensively use polynomial multiplication and addition to encrypt and decrypt data. Performance of elliptic curve cryptosystems may be enhanced by modifying a programmable CPU multiplier to be responsive to newly defined instructions dedicated to polynomial operations.
When using elliptic curves defined over GF(2
Polynomial multiplication has the same form as modular multiplication, ab mod p, over the integers, except that: (1) regular addition is replaced by an XOR; and (2) regular 32-bit multiplication is replaced by a 32-bit carry-free multiplication. Therefore, polynomial modular multiplication may be performed using shifts and XORs instead of shifts and adds.
It is desirable to provide a multiply unit that supports fast polynomial multiplication and various other operations to increase the performance of cryptographic and other systems.
Providing support for extended precision modular arithmetic and polynomial operations can increase the performance of cryptosystems. Some cryptographic systems, such as those performing RSA cryptographic signature authentication, perform successive extended precision modular multiplications, accumulating the sum of the results. The performance of these systems may be increased by providing support in a multiply unit for an instruction to multiply two operands and add the result to an accumulator. When successive multiply/adds are performed, the accumulator may overflow. It is desirable to provide an extended precision accumulator to provide increased performance in cryptosystems and other systems.
Referring to
Because some operations, such as floating point calculations and integer multiply/divide, cannot always be performed in a single clock cycle, some instructions merely begin execution of an instruction. After sufficient clock cycles have passed, another instruction may be used to retrieve a result. For example, when an integer multiply instruction takes five clock cycles, one instruction may initiate the multiplication calculation, and another instruction may load the results of the multiplication into a register after the multiplication has completed. If a multiplication has not completed by the time a result is requested, the pipeline may stall until the result is available.
Referring to Execution unit The MDU In one implementation, LO register In the implementation described in
The instructions MUL, MULT, and MULTU may be used to multiply two 32-bit numbers together. The result is stored in a specified register for MUL, and in the HI/LO registers for MULT and MULTU. For example, “MUL $
The instructions DIV and DIVU perform division operations and store the results in the ACX/HI/LO registers. For example, “DIV $
The instructions MSUB, MSUBU, MADD, and MADDU may be used to multiply the contents of two registers and then add or subtract the contents of the ACX/HI/LO registers. For example, “MSUB $
The MFHI, MFLO, MTHI, MTLO, MFLHXU, and MTLHX instructions are used to move data between the ACX/HI/LO registers and general-purpose registers. The first instruction, MFHI, loads the contents of the HI register into a general-purpose register. For example, “MFHI $
More generally, an instruction format for MFLHXU (“Move From Extended Carry, Hi and Lo (Unsigned)”) is shown in
Similarly, the instruction format for MTLHX (“Move to Lo, Hi and Extended Carry”) is shown in
In one implementation, the content of the ACX register is not directly accessible. For purposes of discussion, in this implementation the ACX register is 8 bits wide, and the HI and LO registers are each 32 bits wide. To indirectly access the ACX register, the values stored in the ACX/HI/LO registers may be shifted to the left or right. For example, “MFLHXU $
The MTLHX performs the inverse operation. For example, “MTLHX $
The PPERM operation performs permutations as specified in a register, and stores the result in the ACX/HI/LO registers. For example, “PPERM $ Register $
Finally, MULTP may be used to perform binary polynomial multiplication and MADDP may be used to perform binary polynomial multiplication with the result added to the ACX/HI/LO registers. These operations are analogous to MULT and MADD, but operate on binary polynomial operands.
The polynomial operands of MULTP and MADDP are encoded in 32-bit registers with each bit representing a polynomial coefficient. For example, the polynomial “x
The MADDP instruction performs multiplication just as MULTP, adding the result to the ACX/HI/LO registers. Polynomial addition may be performed using a bitwise XOR. For example, the binary polynomial addition (x
Referring to The RThold register Array unit Array unit Multiplexers Register RDM
The HI/LO registers are used to store the results of multiplication and to provide support for accumulator operations. In one implementation, the precision of the HI/LO registers is increased by adding register ACX as an extended accumulator. Thus, the ACX/HI/LO registers may store a 72-bit value. The corresponding data paths shown in
Because the extended precision accumulator ACX/HI/LO may have higher precision than the general-purpose registers, it is not possible to load all 72 bits into a general-purpose register. Thus, it is desirable to provide instructions to support loading and manipulating the contents of the ACX/HI/LO registers (e.g., MFLHXU and MTLHX).
The data path described below includes six major parts: (1) input registering and selection; (2) Booth recoding; (3) multiplier arrays and permutation logic; (4) a carry propagate adder; (5) result registering and selection; and (6) a separate 32-bit output register for presenting results.
Input registering and selection is performed using the RShold and RThold registers to hold the RS and RT operands. Multiplexers select whether to use these operands directly or to use the registered versions. Booth recoding is performed on half of the RT operand at a time to provide inputs to the multiplier arrays and permutation logic.
Booth recoding is a technique that permits the multiplier array to treat signed and unsigned operands the same. This technique “recodes” operands as a subtraction from the next highest power of two. For example, 7 may be Booth recoded as follows: 8−1=1000
One array of array unit
The arithmetic multiplication array may be implemented using any of the techniques described by Hennessy and Patterson in the incorporated “Computer Architecture: A Quantitative Approach,” Morgan Kaufmann Publishers, Inc. (1996). For example, Appendix A of Hennessy and Patterson describes several ways to speed up arithmetic multipliers. Any of the described techniques may be used as a basis for the polynomial multiplication extensions described below.
Referring to Referring to Marray Marray Referring to MParray Three multiplexers shown in Referring again to The MDU Referring to Referring to
In one implementation, target applications demand fast division. Many techniques may be used to increase the performance of division. For example, the Sweeney, Robertson, and Tocher (SRT) algorithm or some variation thereof may be used.
Referring to
In this implementation, the multiplier is pipelined. One multiplication may be run through the array unit and another through the CPA. Thus, the multiplier either transitions from ARRI
If a second multiplication is ready to be performed when the first multiplication is ready to be run through the CPA, then the multiplier either transitions to CPA
If the second multiplication is a 32-bit multiplication, then in state CPA
Referring to Iterative division is performed in states DIV Referring again to For example, permutation logic
In addition to multiplier implementations using hardware (e.g., within a microprocessor or microcontroller), implementations also may be embodied in software disposed, for example, in a computer usable (e.g., readable) medium configured to store the software (i.e., a computer readable program code). The program code causes the enablement of the functions or fabrication, or both, of the systems and techniques disclosed herein. For example, this can be accomplished through the use of general programming languages (e.g., C, C++), hardware description languages (HDL) including Verilog HDL, VHDL, AHDL (Altera HDL) and so on, or other available programming and/or circuit (i.e., schematic) capture tools. The program code can be disposed in any known computer usable medium including semiconductor, magnetic disk, optical disk (e.g., CD-ROM, DVD-ROM) and as a computer data signal embodied in a computer usable (e.g., readable) transmission medium (e.g., carrier wave or any other medium including digital, optical, or analog-based medium). As such, the code can be transmitted over communication networks including the Internet and intranets. It is understood that the functions accomplished and/or structure provided by the systems and techniques described above can be represented in a core (e.g., a microprocessor core) that is embodied in program code and may be transformed to hardware as part of the production of integrated circuits. Also, the systems and techniques may be embodied as a combination of hardware and software.
Accordingly, other implementations are within the scope of the following claims.
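The ACX/HI/LO accumulator behaviour described above, as a C model added here for illustration (not code from the patent): it accumulates constructed 32-bit products past 64 bits, reads the 72-bit result out one word at a time, and shows the XOR-based polynomial multiply-add. The function and type names are hypothetical, and the register shift order of MFLHXU/MTLHX and the clearing of ACX after MFLHXU are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>
/* Software model of the 72-bit ACX/HI/LO accumulator (widths as on the page). */
typedef struct { uint8_t acx; uint32_t hi, lo; } acc_t;

/* MADDU model: acc += rs * rt; the carry out of HI/LO lands in ACX. */
void maddu(acc_t *a, uint32_t rs, uint32_t rt) {
    uint64_t old = ((uint64_t)a->hi << 32) | a->lo;
    uint64_t sum = old + (uint64_t)rs * rt;
    a->acx = (uint8_t)(a->acx + (sum < old));   /* unsigned wrap == carry */
    a->hi = (uint32_t)(sum >> 32); a->lo = (uint32_t)sum;
}

/* MULTP model: 32x32 carry-free multiply (shift and XOR, no carries).
   Branch-free so the running time does not depend on operand bits. */
uint64_t clmul32(uint32_t rs, uint32_t rt) {
    uint64_t r = 0;
    for (int i = 0; i < 32; i++)
        r ^= ((uint64_t)rs << i) & (0 - (uint64_t)((rt >> i) & 1u));
    return r;
}

/* MADDP model: polynomial addition is XOR, so ACX is never touched. */
void maddp(acc_t *a, uint32_t rs, uint32_t rt) {
    uint64_t p = clmul32(rs, rt);
    a->hi ^= (uint32_t)(p >> 32); a->lo ^= (uint32_t)p;
}

/* MFLHXU model: rd <- LO, LO <- HI, HI <- zero-extended ACX.
   Assumption of this model: ACX reads as zero afterwards. */
uint32_t mflhxu(acc_t *a) {
    uint32_t rd = a->lo;
    a->lo = a->hi; a->hi = a->acx; a->acx = 0;
    return rd;
}

/* MTLHX model (inverse): ACX <- low 8 bits of HI, HI <- LO, LO <- rs. */
void mtlhx(acc_t *a, uint32_t rs) {
    a->acx = (uint8_t)a->hi; a->hi = a->lo; a->lo = rs;
}

/* Constructed input: three maximal 32-bit products overflow 64 bits. */
acc_t demo_column(void) {
    acc_t a = {0, 0, 0};
    for (int i = 0; i < 3; i++) maddu(&a, 0xFFFFFFFFu, 0xFFFFFFFFu);
    return a;
}

int main(void) {
    acc_t a = demo_column();
    uint32_t w0 = mflhxu(&a), w1 = mflhxu(&a), w2 = mflhxu(&a);
    printf("low to high: %08x %08x %08x\n", w0, w1, w2);
    return 0;
}
```

Three MFLHXU reads drain the accumulator from the low word up, and three MTLHX writes in the opposite order (most significant word first) restore it.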